Webmail: Two-Factor Authentication (2FA)

The use of two-factor authentication to prove a user's identity is based on the premise that an unauthorized actor is unlikely to be able to supply both factors required to access an account which utilizes 2FA. If, in an authentication attempt, at least one of the components is missing or incorrect, the user’s identity is not established with sufficient certainty and access to the user's Redtail Webmail account being protected by two-factor authentication remains blocked.

To enable two-factor authentication for your Redtail Webmail account, login to Redtail Webmail (login to the advanced (AJAX) version of Webmail as 2FA is not an option in the standard (HTML) version of Webmail), navigate to Preferences > Accounts then select Setup two-step authentication ... in the Account Security section.

Once you select the "Setup two-step authentication" link, the configuration process will begin with a brief description about 2FA. Simply click Begin Setup.

The next step in the setup process will be to verify your current email password. After typing in your password, click Next to proceed.

Next, you will be prompted to download and install an authentication app on your smartphone. The window will include a wiki link to a list of recommended apps. A few options we suggest are listed below:

Once you have installed your Smartphone OTP App of choice, you will enter your email address and the code generated by Redtail Webmail 2FA setup wizard, after which the app will generate another code to be entered into Webmail.

After entering the 6-digit verification code generated by your OTP app and selecting Next, you will see Success!. The two-step authentication feature is now enabled. You will now be prompted for a code in each new Browser, smartphone, computer, and app where you try to access your account. Also, you will see additional options appear below the link you selected to initiate the setup process as well as a link to disable.

One-Time Codes

With the use of two-factor authentication, there may be a situation when your smartphone doesn't have enough battery to answer the code challenge, or the device has been lost, etc. For cases like this, you can utilize the One-time code functionality. This feature allows users to generate multiple codes to use in case of emergency.

You can select the View link to see your One-time codes. You can print them or store them by other secure means.

Application Passcodes

If you utilize IMAP, POP, or ActiveSync connections within offline mail clients or mobile devices, you will need to generate an application passcode to utilize for those connections in lieu of the actual mailbox password.

Also, if you use Single Sign-On to access your Webmail from the CRM or if you send email from the CRM's internal email client, you will need an application passcode for those as well.

Applications passcodes are randomly generated and can be labeled for easy identification. All passcodes are automatically revoked when your mailbox password is changed. A separate passcode will need to be generated for all devices / offline clients in use.

How to create an application passcode

Within Redtail Webmail, navigate to Preferences > Accounts > Applications. Within the Account Security settings, select the Add Application Code button. You will be prompted to enter an application name / label. Within the Add Application Code dialog, enter a label to identify the client/device in the Application Name field and click Next. An application passcode will be generated and be displayed in the next dialog. Select Close when done.

After generation, you will go to the settings for your account in your offline client or mobile device and replace your mailbox password with the newly generated passcode.

After the application passcode has been created, you will see it listed under applications.

If you ever get rid of the device for which you created a passcode for, you can simply revoke the passcode at any time. To revoke, click on the application you wish to revoke and click the Revoke Code button.